SSL between java client and zookeeper?

[Vaibhav Devekar <va...@gmail.com>]

Hi all,

I'm using zookeeper for dynamic config management among spring apps hosted
on many servers. I'm trying to employ SSL for communication between these
java app and zookeeper since these properties can be sensitive information
such as database passwords.

Based on this guide -
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide,
I was able to test out SSL for zkCli and zookeeper. I was also able to
verify that two java web apps can do 2-way SSL with each other. I'm now
trying to do the same with a java client(spring webapp) and zookeeper.
However, it hasn't worked so far. The zookeeper log says:

2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
#21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught [id:
0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 => /fe80:0:0:0:0:0:0:1%1:2281]
EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
SSL/TLS record:
0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000


Any pointers would be great. Does java API for zookeeper even support SSL?

Code example: https://github.com/devekar/sslDemo

Thank you.

---
Vaibhav Devekar

Re: SSL between java client and zookeeper?

[jsmullin <js...@live.com>]

So I got SSL wit hzookeeper working with the zkCli.sh script, but my next
question is how do I use the new secure SSL feature with mesos? The error I
get is that zookeeper times out and is receiving something that is not a
SSL/TLS record even with mesos-SSL enabled? Any help would really be
appreciated on the matter.



--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582579.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

RE: SSL between java client and zookeeper?

[jsmullin <js...@live.com>]

Martin if you scroll up a bit in the convo as well you will see my files with
"download attachment" besides them, that may work better.

Jacob



--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582569.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

Re: SSL between java client and zookeeper?

[jsmullin <js...@live.com>]

Let me re send them

Sent from my iPhone

On Aug 12, 2016, at 2:10 AM, Martin Gainty [via zookeeper-user] <ml...@n2.nabble.com>> wrote:

MG>where are attachments?

> Date: Thu, 11 Aug 2016 14:48:13 -0700
> From: [hidden email]</user/SendEmail.jtp?type=node&node=7582562&i=0>
> To: [hidden email]</user/SendEmail.jtp?type=node&node=7582562&i=1>
> Subject: Re: SSL between java client and zookeeper?
>
> Hi Vaibhav,
>
>
> I've only been able to see those logs I've sent, I'm just trying to enable SSL in a really trivial situation. Here's what I've done and which files I've utilized.
>
> The tarball contains the new 3.5.1-alpha version of zookeeper and I stick it in /usr/lib/zookeeper-3.5.1-alpha.
>
> Within /usr/lib/zookeeper-3.5.1-alpha is 3 more important directories with the scripts, conf/, bin/, and ssl/.
>
> I put java.env, my zoo.cfg, etc into the conf/ directory, and the zkServer.sh, zkCli.sh, zkEnv.sh, etc are within the bin/ directory, and then I've put my keystore and truststore within the ssl/ directory.
>
> I attached my zkServer.sh, zkCli.sh, zkEnv.sh, java.env, zoo.cfg files for you to take a look. MG>Where are attachments?
This is just to get SSL working with a basic zookeeper tutorial at http://www.tutorialspoint.com/zookeeper/zookeeper_installation.htm and once I've got that connecting and handling SSL I'll add it to my infrastructure with securing mesos/zookeeper communication. Please do take a look at my scripts and configs as I'm obviously very stuck and have exhausted all of the resources online about zookeeper/Netty/SSL. Note though I do have one script that changes the zoo.cfg I sent you to properly put the secureClientPort and necessary changes to zoo.cfg.

>
>
> I first launch into a box, start zookeeper from the /usr/lib/zookeeper-3.5.1-alpha/bin/zkServer.sh start
>
> then I run the client like so /usr/lib/zookeeper-3.5.1-alpha/bin/zkCli.sh -server localhost:2281
>
>
>
> It wouldn't let me send you the zokeeper-3.5.1-alpha.tar.gz but that's just on the mirror site I'm sure where you got yours.(Over 10MB outlook limit)
>
> Thanks!
>
> Jacob
>
>
>
> ________________________________
> From: Devekar, Vaibhav [via zookeeper-user] <[hidden email]</user/SendEmail.jtp?type=node&node=7582562&i=2>>
> Sent: Thursday, August 11, 2016 2:17 PM
> To: jsmullin
> Subject: Re: SSL between java client and zookeeper?
>
> Hi Jacob,
>
> Did you check logs for zookeeper server?
> I would suggest adding -Djavax.net.debug=ssl to JVM arguments for both
> zookeeper server and zkCli. This will give you an idea if connection fails
> during SSL handshake.
>
> --
>
>
>
> On 8/11/16, 12:54 PM, "jsmullin" <[hidden email]</user/SendEmail.jtp?type=node&node=7582559&i=0>> wrote:
>
> >Hi there, I've been struggling for some time to get SSL working with my
> >3.5.1
> >version of Zookeeper. My end goal is to secure my communication between
> >zookeeper and mesos, I am trying a simple technique of adding everything
> >detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my
> >server feeding it everything such as secureClientPort = 2281 etc in the
> >zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be
> >running into issues there, the logs spit out,
> >2016-08-11 19:40:20,602 [myid:] - INFO
> >[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFac
> >tory@363]
> >- SSL handler added for channel: null
> >2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxn$SendThread@980] - Socket connection established, initiating
> >session, client: /0:0:0:0:0:0:0:1:60824, server:
> >localhost/0:0:0:0:0:0:0:1:2281
> >2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8,
> >/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
> >2016-08-11 19:40:35,610 [myid:] - INFO
> >[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client
> >session timed out, have not heard from server in 15002ms for sessionid
> >0x0,
> >closing socket connection and attempting reconnect
> >2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected:
> >[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
> >2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxnSocketNetty@201] - channel is told closing
> >2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker
> >#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id:
> >0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
> >EXCEPTION: java.nio.channels.ClosedChannelException
> >java.nio.channels.ClosedChannelException
> >        at
> >org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
> >        at
> >org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableW
> >rapper.java:40)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
> >tractNioWorker.java:71)
> >        at
> >org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
> >ava:36)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
> >tractNioWorker.java:57)
> >        at
> >org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
> >ava:36)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(Abstract
> >NioChannelSink.java:34)
> >        at
> >org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
> >        at
> >org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWork
> >er.java:376)
> >        at
> >org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(N
> >ioClientSocketPipelineSink.java:58)
> >        at org.jboss.netty.channel.Channels.close(Channels.java:828)
> >        at
> >org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operat
> >ionComplete(SslHandler.java:1485)
> >        at
> >org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannel
> >Future.java:427)
> >        at
> >org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChanne
> >lFuture.java:418)
> >        at
> >org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFutu
> >re.java:362)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWor
> >ker.java:221)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(Abs
> >tractNioWorker.java:152)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(Abstra
> >ctNioChannel.java:335)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(Ab
> >stractNioSelector.java:366)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSele
> >ctor.java:290)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker
> >.java:90)
> >        at
> >org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
> >        at
> >java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
> >1142)
> >        at
> >java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java
> >:617)
> >        at java.lang.Thread.run(Thread.java:745)
> >Any help or guidance to my long term goal would be very appreciated as the
> >info about zookeeper and enabling SSL is slim to none. I can post my
> >configs
> >etc, anything you need!
> >
> >
> >
> >--
> >View this message in context:
> >http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zoo
> >keeper-tp7582421p7582558.html
> >Sent from the zookeeper-user mailing list archive at Nabble.com<http://nabble.com>.
>
>
>
> ________________________________
> If you reply to this email, your message will be added to the discussion below:
> http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582559.html
> To unsubscribe from SSL between java client and zookeeper?, click here<
> NAML<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
>
> zkCli.sh (2K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/0/zkCli.sh>
> zkEnv.sh (5K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/1/zkEnv.sh>
> zkServer.sh (12K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/2/zkServer.sh>
> java.env (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/3/java.env>
> zoo.cfg (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/4/zoo.cfg>
>
>
>
>
> --
> View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582560.html
> Sent from the zookeeper-user mailing list archive at Nabble.com<http://nabble.com>.


________________________________
If you reply to this email, your message will be added to the discussion below:
http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582562.html
To unsubscribe from SSL between java client and zookeeper?, click here<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7582421&code=anMuMTk5MkBsaXZlLmNvbXw3NTgyNDIxfDE0NzIyMTY2MTE=>.
NAML<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>




--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582563.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

Re: SSL between java client and zookeeper?

["Devekar, Vaibhav" <Va...@Staples.com>]

From your java.env:
-Dzookeeper.ssl.keyStore.location=/vagrant/opt/zookeeper-3.5.1-alpha/ssl/te
stTrustStore.jks 

Did you mean to put testKeyStore.jks?


On other note, I think you will also need to use same password for both
key and keystore. I don¹t recall exactly but Zookeeper doesn¹t support
separate config option for key and uses Dzookeeper.ssl.keyStore.password
for both.
 
--
Vaibhav






On 8/12/16, 9:48 AM, "Cantrell, Curtis" <Cu...@bkfs.com> wrote:

>I can! 
>
>-----Original Message-----
>From: Martin Gainty [mailto:mgainty@hotmail.com]
>Sent: Friday, August 12, 2016 12:45 PM
>To: user@zookeeper.apache.org
>Subject: RE: SSL between java client and zookeeper?
>
>can anyone besides mullin
>access:http://zookeeper-user.578899.n2.nabble.com/file/n7582565/zoo.cfg
>?
>Martin 
>______________________________________________
>
>
>
>> Date: Fri, 12 Aug 2016 08:54:03 -0700
>> From: js.1992@live.com
>> To: zookeeper-user@hadoop.apache.org
>> Subject: RE: SSL between java client and zookeeper?
>> 
>> But I run a script to change from that zoo.cfg and I add the
>> secureClinetPort=2281
>> 
>> 
>> 
>> --
>> View this message in context:
>>http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zo
>>okeeper-tp7582421p7582566.html
>> Sent from the zookeeper-user mailing list archive at Nabble.com.
> 		 	   		  
>The information contained in this message is proprietary and/or
>confidential. If you are not the intended recipient, please: (i) delete
>the message and all copies; (ii) do not disclose, distribute or use the
>message in any manner; and (iii) notify the sender immediately. In
>addition, please be aware that any message addressed to our domain is
>subject to archiving and review by persons other than the intended
>recipient. Thank you.
>

RE: SSL between java client and zookeeper?

["Cantrell, Curtis" <Cu...@bkfs.com>]

I can! 

-----Original Message-----
From: Martin Gainty [mailto:mgainty@hotmail.com] 
Sent: Friday, August 12, 2016 12:45 PM
To: user@zookeeper.apache.org
Subject: RE: SSL between java client and zookeeper?

can anyone besides mullin access:http://zookeeper-user.578899.n2.nabble.com/file/n7582565/zoo.cfg
?
Martin 
______________________________________________ 



> Date: Fri, 12 Aug 2016 08:54:03 -0700
> From: js.1992@live.com
> To: zookeeper-user@hadoop.apache.org
> Subject: RE: SSL between java client and zookeeper?
> 
> But I run a script to change from that zoo.cfg and I add the
> secureClinetPort=2281
> 
> 
> 
> --
> View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582566.html
> Sent from the zookeeper-user mailing list archive at Nabble.com.
 		 	   		  
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.

RE: SSL between java client and zookeeper?

[Martin Gainty <mg...@hotmail.com>]

can anyone besides mullin access:http://zookeeper-user.578899.n2.nabble.com/file/n7582565/zoo.cfg
?
Martin 
______________________________________________ 



> Date: Fri, 12 Aug 2016 08:54:03 -0700
> From: js.1992@live.com
> To: zookeeper-user@hadoop.apache.org
> Subject: RE: SSL between java client and zookeeper?
> 
> But I run a script to change from that zoo.cfg and I add the
> secureClinetPort=2281
> 
> 
> 
> --
> View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582566.html
> Sent from the zookeeper-user mailing list archive at Nabble.com.
 		 	   		  

RE: SSL between java client and zookeeper?

[jsmullin <js...@live.com>]

But I run a script to change from that zoo.cfg and I add the
secureClinetPort=2281



--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582566.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

RE: SSL between java client and zookeeper?

[jsmullin <js...@live.com>]

zoo.cfg <http://zookeeper-user.578899.n2.nabble.com/file/n7582565/zoo.cfg>  
java.env <http://zookeeper-user.578899.n2.nabble.com/file/n7582565/java.env>  
zkCli.sh <http://zookeeper-user.578899.n2.nabble.com/file/n7582565/zkCli.sh>  
zkServer.sh
<http://zookeeper-user.578899.n2.nabble.com/file/n7582565/zkServer.sh>  
zkEnv.sh <http://zookeeper-user.578899.n2.nabble.com/file/n7582565/zkEnv.sh>  



--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582565.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

RE: SSL between java client and zookeeper?

[Martin Gainty <mg...@hotmail.com>]

MG>where are attachments?

> Date: Thu, 11 Aug 2016 14:48:13 -0700
> From: js.1992@live.com
> To: zookeeper-user@hadoop.apache.org
> Subject: Re: SSL between java client and zookeeper?
> 
> Hi Vaibhav,
> 
> 
> I've only been able to see those logs I've sent, I'm just trying to enable SSL in a really trivial situation. Here's what I've done and which files I've utilized.
> 
> The tarball contains the new 3.5.1-alpha version of zookeeper and I stick it in /usr/lib/zookeeper-3.5.1-alpha.
> 
> Within /usr/lib/zookeeper-3.5.1-alpha is 3 more important directories with the scripts, conf/, bin/, and ssl/.
> 
> I put java.env, my zoo.cfg, etc into the conf/ directory, and the zkServer.sh, zkCli.sh, zkEnv.sh, etc are within the bin/ directory, and then I've put my keystore and truststore within the ssl/ directory.
> 
> I attached my zkServer.sh, zkCli.sh, zkEnv.sh, java.env, zoo.cfg files for you to take a look. MG>Where are attachments?
This is just to get SSL working with a basic zookeeper tutorial at http://www.tutorialspoint.com/zookeeper/zookeeper_installation.htm and once I've got that connecting and handling SSL I'll add it to my infrastructure with securing mesos/zookeeper communication. Please do take a look at my scripts and configs as I'm obviously very stuck and have exhausted all of the resources online about zookeeper/Netty/SSL. Note though I do have one script that changes the zoo.cfg I sent you to properly put the secureClientPort and necessary changes to zoo.cfg.
> 
> 
> I first launch into a box, start zookeeper from the /usr/lib/zookeeper-3.5.1-alpha/bin/zkServer.sh start
> 
> then I run the client like so /usr/lib/zookeeper-3.5.1-alpha/bin/zkCli.sh -server localhost:2281
> 
> 
> 
> It wouldn't let me send you the zokeeper-3.5.1-alpha.tar.gz but that's just on the mirror site I'm sure where you got yours.(Over 10MB outlook limit)
> 
> Thanks!
> 
> Jacob
> 
> 
> 
> ________________________________
> From: Devekar, Vaibhav [via zookeeper-user] <ml...@n2.nabble.com>
> Sent: Thursday, August 11, 2016 2:17 PM
> To: jsmullin
> Subject: Re: SSL between java client and zookeeper?
> 
> Hi Jacob,
> 
> Did you check logs for zookeeper server?
> I would suggest adding -Djavax.net.debug=ssl to JVM arguments for both
> zookeeper server and zkCli. This will give you an idea if connection fails
> during SSL handshake.
> 
> --
> 
> 
> 
> On 8/11/16, 12:54 PM, "jsmullin" <[hidden email]</user/SendEmail.jtp?type=node&node=7582559&i=0>> wrote:
> 
> >Hi there, I've been struggling for some time to get SSL working with my
> >3.5.1
> >version of Zookeeper. My end goal is to secure my communication between
> >zookeeper and mesos, I am trying a simple technique of adding everything
> >detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my
> >server feeding it everything such as secureClientPort = 2281 etc in the
> >zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be
> >running into issues there, the logs spit out,
> >2016-08-11 19:40:20,602 [myid:] - INFO
> >[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFac
> >tory@363]
> >- SSL handler added for channel: null
> >2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxn$SendThread@980] - Socket connection established, initiating
> >session, client: /0:0:0:0:0:0:0:1:60824, server:
> >localhost/0:0:0:0:0:0:0:1:2281
> >2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8,
> >/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
> >2016-08-11 19:40:35,610 [myid:] - INFO
> >[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client
> >session timed out, have not heard from server in 15002ms for sessionid
> >0x0,
> >closing socket connection and attempting reconnect
> >2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected:
> >[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
> >2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxnSocketNetty@201] - channel is told closing
> >2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker
> >#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id:
> >0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
> >EXCEPTION: java.nio.channels.ClosedChannelException
> >java.nio.channels.ClosedChannelException
> >        at
> >org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
> >        at
> >org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableW
> >rapper.java:40)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
> >tractNioWorker.java:71)
> >        at
> >org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
> >ava:36)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
> >tractNioWorker.java:57)
> >        at
> >org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
> >ava:36)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(Abstract
> >NioChannelSink.java:34)
> >        at
> >org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
> >        at
> >org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWork
> >er.java:376)
> >        at
> >org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(N
> >ioClientSocketPipelineSink.java:58)
> >        at org.jboss.netty.channel.Channels.close(Channels.java:828)
> >        at
> >org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operat
> >ionComplete(SslHandler.java:1485)
> >        at
> >org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannel
> >Future.java:427)
> >        at
> >org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChanne
> >lFuture.java:418)
> >        at
> >org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFutu
> >re.java:362)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWor
> >ker.java:221)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(Abs
> >tractNioWorker.java:152)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(Abstra
> >ctNioChannel.java:335)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(Ab
> >stractNioSelector.java:366)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSele
> >ctor.java:290)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker
> >.java:90)
> >        at
> >org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
> >        at
> >java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
> >1142)
> >        at
> >java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java
> >:617)
> >        at java.lang.Thread.run(Thread.java:745)
> >Any help or guidance to my long term goal would be very appreciated as the
> >info about zookeeper and enabling SSL is slim to none. I can post my
> >configs
> >etc, anything you need!
> >
> >
> >
> >--
> >View this message in context:
> >http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zoo
> >keeper-tp7582421p7582558.html
> >Sent from the zookeeper-user mailing list archive at Nabble.com.
> 
> 
> 
> ________________________________
> If you reply to this email, your message will be added to the discussion below:
> http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582559.html
> To unsubscribe from SSL between java client and zookeeper?, click here<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7582421&code=anMuMTk5MkBsaXZlLmNvbXw3NTgyNDIxfDE0NzIyMTY2MTE=>.
> NAML<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
> 
> 
> zkCli.sh (2K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/0/zkCli.sh>
> zkEnv.sh (5K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/1/zkEnv.sh>
> zkServer.sh (12K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/2/zkServer.sh>
> java.env (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/3/java.env>
> zoo.cfg (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/4/zoo.cfg>
> 
> 
> 
> 
> --
> View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582560.html
> Sent from the zookeeper-user mailing list archive at Nabble.com.
 		 	   		  

Re: SSL between java client and zookeeper?

[jsmullin <js...@live.com>]

Hi Vaibhav,


I've only been able to see those logs I've sent, I'm just trying to enable SSL in a really trivial situation. Here's what I've done and which files I've utilized.

The tarball contains the new 3.5.1-alpha version of zookeeper and I stick it in /usr/lib/zookeeper-3.5.1-alpha.

Within /usr/lib/zookeeper-3.5.1-alpha is 3 more important directories with the scripts, conf/, bin/, and ssl/.

I put java.env, my zoo.cfg, etc into the conf/ directory, and the zkServer.sh, zkCli.sh, zkEnv.sh, etc are within the bin/ directory, and then I've put my keystore and truststore within the ssl/ directory.

I attached my zkServer.sh, zkCli.sh, zkEnv.sh, java.env, zoo.cfg files for you to take a look. This is just to get SSL working with a basic zookeeper tutorial at http://www.tutorialspoint.com/zookeeper/zookeeper_installation.htm and once I've got that connecting and handling SSL I'll add it to my infrastructure with securing mesos/zookeeper communication. Please do take a look at my scripts and configs as I'm obviously very stuck and have exhausted all of the resources online about zookeeper/Netty/SSL. Note though I do have one script that changes the zoo.cfg I sent you to properly put the secureClientPort and necessary changes to zoo.cfg.


I first launch into a box, start zookeeper from the /usr/lib/zookeeper-3.5.1-alpha/bin/zkServer.sh start

then I run the client like so /usr/lib/zookeeper-3.5.1-alpha/bin/zkCli.sh -server localhost:2281



It wouldn't let me send you the zokeeper-3.5.1-alpha.tar.gz but that's just on the mirror site I'm sure where you got yours.(Over 10MB outlook limit)

Thanks!

Jacob



________________________________
From: Devekar, Vaibhav [via zookeeper-user] <ml...@n2.nabble.com>
Sent: Thursday, August 11, 2016 2:17 PM
To: jsmullin
Subject: Re: SSL between java client and zookeeper?

Hi Jacob,

Did you check logs for zookeeper server?
I would suggest adding -Djavax.net.debug=ssl to JVM arguments for both
zookeeper server and zkCli. This will give you an idea if connection fails
during SSL handshake.

--



On 8/11/16, 12:54 PM, "jsmullin" <[hidden email]</user/SendEmail.jtp?type=node&node=7582559&i=0>> wrote:

>Hi there, I've been struggling for some time to get SSL working with my
>3.5.1
>version of Zookeeper. My end goal is to secure my communication between
>zookeeper and mesos, I am trying a simple technique of adding everything
>detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my
>server feeding it everything such as secureClientPort = 2281 etc in the
>zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be
>running into issues there, the logs spit out,
>2016-08-11 19:40:20,602 [myid:] - INFO
>[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFac
>tory@363]
>- SSL handler added for channel: null
>2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
>#2:ClientCnxn$SendThread@980] - Socket connection established, initiating
>session, client: /0:0:0:0:0:0:0:1:60824, server:
>localhost/0:0:0:0:0:0:0:1:2281
>2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8,
>/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
>2016-08-11 19:40:35,610 [myid:] - INFO
>[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client
>session timed out, have not heard from server in 15002ms for sessionid
>0x0,
>closing socket connection and attempting reconnect
>2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected:
>[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
>2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty@201] - channel is told closing
>2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker
>#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id:
>0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
>EXCEPTION: java.nio.channels.ClosedChannelException
>java.nio.channels.ClosedChannelException
>        at
>org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
>        at
>org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableW
>rapper.java:40)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
>tractNioWorker.java:71)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
>ava:36)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
>tractNioWorker.java:57)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
>ava:36)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(Abstract
>NioChannelSink.java:34)
>        at
>org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
>        at
>org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWork
>er.java:376)
>        at
>org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(N
>ioClientSocketPipelineSink.java:58)
>        at org.jboss.netty.channel.Channels.close(Channels.java:828)
>        at
>org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operat
>ionComplete(SslHandler.java:1485)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannel
>Future.java:427)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChanne
>lFuture.java:418)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFutu
>re.java:362)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWor
>ker.java:221)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(Abs
>tractNioWorker.java:152)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(Abstra
>ctNioChannel.java:335)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(Ab
>stractNioSelector.java:366)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSele
>ctor.java:290)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker
>.java:90)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
>        at
>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
>1142)
>        at
>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java
>:617)
>        at java.lang.Thread.run(Thread.java:745)
>Any help or guidance to my long term goal would be very appreciated as the
>info about zookeeper and enabling SSL is slim to none. I can post my
>configs
>etc, anything you need!
>
>
>
>--
>View this message in context:
>http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zoo
>keeper-tp7582421p7582558.html
>Sent from the zookeeper-user mailing list archive at Nabble.com.



________________________________
If you reply to this email, your message will be added to the discussion below:
http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582559.html
To unsubscribe from SSL between java client and zookeeper?, click here<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7582421&code=anMuMTk5MkBsaXZlLmNvbXw3NTgyNDIxfDE0NzIyMTY2MTE=>.
NAML<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>


zkCli.sh (2K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/0/zkCli.sh>
zkEnv.sh (5K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/1/zkEnv.sh>
zkServer.sh (12K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/2/zkServer.sh>
java.env (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/3/java.env>
zoo.cfg (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/4/zoo.cfg>




--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582560.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

Re: SSL between java client and zookeeper?

["Devekar, Vaibhav" <Va...@Staples.com>]

Hi Jacob,

Did you check logs for zookeeper server?
I would suggest adding -Djavax.net.debug=ssl to JVM arguments for both
zookeeper server and zkCli. This will give you an idea if connection fails
during SSL handshake.

-- 



On 8/11/16, 12:54 PM, "jsmullin" <js...@live.com> wrote:

>Hi there, I've been struggling for some time to get SSL working with my
>3.5.1
>version of Zookeeper. My end goal is to secure my communication between
>zookeeper and mesos, I am trying a simple technique of adding everything
>detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my
>server feeding it everything such as secureClientPort = 2281 etc in the
>zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be
>running into issues there, the logs spit out,
>2016-08-11 19:40:20,602 [myid:] - INFO
>[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFac
>tory@363]
>- SSL handler added for channel: null
>2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
>#2:ClientCnxn$SendThread@980] - Socket connection established, initiating
>session, client: /0:0:0:0:0:0:0:1:60824, server:
>localhost/0:0:0:0:0:0:0:1:2281
>2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8,
>/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
>2016-08-11 19:40:35,610 [myid:] - INFO
>[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client
>session timed out, have not heard from server in 15002ms for sessionid
>0x0,
>closing socket connection and attempting reconnect
>2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected:
>[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
>2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty@201] - channel is told closing
>2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker
>#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id:
>0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
>EXCEPTION: java.nio.channels.ClosedChannelException
>java.nio.channels.ClosedChannelException
>        at
>org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
>        at
>org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableW
>rapper.java:40)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
>tractNioWorker.java:71)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
>ava:36)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
>tractNioWorker.java:57)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
>ava:36)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(Abstract
>NioChannelSink.java:34)
>        at
>org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
>        at
>org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWork
>er.java:376)
>        at
>org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(N
>ioClientSocketPipelineSink.java:58)
>        at org.jboss.netty.channel.Channels.close(Channels.java:828)
>        at
>org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operat
>ionComplete(SslHandler.java:1485)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannel
>Future.java:427)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChanne
>lFuture.java:418)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFutu
>re.java:362)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWor
>ker.java:221)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(Abs
>tractNioWorker.java:152)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(Abstra
>ctNioChannel.java:335)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(Ab
>stractNioSelector.java:366)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSele
>ctor.java:290)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker
>.java:90)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
>        at
>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
>1142)
>        at
>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java
>:617)
>        at java.lang.Thread.run(Thread.java:745)
>Any help or guidance to my long term goal would be very appreciated as the
>info about zookeeper and enabling SSL is slim to none. I can post my
>configs
>etc, anything you need!
>
>
>
>--
>View this message in context:
>http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zoo
>keeper-tp7582421p7582558.html
>Sent from the zookeeper-user mailing list archive at Nabble.com.

Re: SSL between java client and zookeeper?

[jsmullin <js...@live.com>]

Hi there, I've been struggling for some time to get SSL working with my 3.5.1
version of Zookeeper. My end goal is to secure my communication between
zookeeper and mesos, I am trying a simple technique of adding everything
detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my
server feeding it everything such as secureClientPort = 2281 etc in the
zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be
running into issues there, the logs spit out,
2016-08-11 19:40:20,602 [myid:] - INFO 
[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFactory@363]
- SSL handler added for channel: null
2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
#2:ClientCnxn$SendThread@980] - Socket connection established, initiating
session, client: /0:0:0:0:0:0:0:1:60824, server:
localhost/0:0:0:0:0:0:0:1:2281
2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8,
/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
2016-08-11 19:40:35,610 [myid:] - INFO 
[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client
session timed out, have not heard from server in 15002ms for sessionid 0x0,
closing socket connection and attempting reconnect
2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected:
[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
#2:ClientCnxnSocketNetty@201] - channel is told closing
2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker
#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id:
0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
EXCEPTION: java.nio.channels.ClosedChannelException
java.nio.channels.ClosedChannelException
        at
org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
        at
org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableWrapper.java:40)
        at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(AbstractNioWorker.java:71)
        at
org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.java:36)
        at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(AbstractNioWorker.java:57)
        at
org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.java:36)
        at
org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(AbstractNioChannelSink.java:34)
        at
org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
        at
org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
        at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWorker.java:376)
        at
org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(NioClientSocketPipelineSink.java:58)
        at org.jboss.netty.channel.Channels.close(Channels.java:828)
        at
org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operationComplete(SslHandler.java:1485)
        at
org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427)
        at
org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:418)
        at
org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFuture.java:362)
        at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWorker.java:221)
        at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(AbstractNioWorker.java:152)
        at
org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(AbstractNioChannel.java:335)
        at
org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:366)
        at
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:290)
        at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90)
        at
org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Any help or guidance to my long term goal would be very appreciated as the
info about zookeeper and enabling SSL is slim to none. I can post my configs
etc, anything you need! 



--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582558.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

Re: SSL between java client and zookeeper?

[jsmullin <js...@live.com>]

Hi there, I've been struggling for some time to get SSL working with my 3.5.1
version of Zookeeper. My end goal is to secure my communication between
zookeeper and mesos, I am trying a simple technique of adding everything
detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my
server feeding it everything such as secureClientPort = 2281 etc in the
zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be
running into issues there, the logs spit out,
2016-08-11 19:40:20,602 [myid:] - INFO 
[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFactory@363]
- SSL handler added for channel: null
2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
#2:ClientCnxn$SendThread@980] - Socket connection established, initiating
session, client: /0:0:0:0:0:0:0:1:60824, server:
localhost/0:0:0:0:0:0:0:1:2281
2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8,
/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
2016-08-11 19:40:35,610 [myid:] - INFO 
[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client
session timed out, have not heard from server in 15002ms for sessionid 0x0,
closing socket connection and attempting reconnect
2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected:
[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
#2:ClientCnxnSocketNetty@201] - channel is told closing
2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker
#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id:
0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
EXCEPTION: java.nio.channels.ClosedChannelException
java.nio.channels.ClosedChannelException
	at org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
	at
org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableWrapper.java:40)
	at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(AbstractNioWorker.java:71)
	at
org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.java:36)
	at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(AbstractNioWorker.java:57)
	at
org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.java:36)
	at
org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(AbstractNioChannelSink.java:34)
	at
org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
	at org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
	at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWorker.java:376)
	at
org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(NioClientSocketPipelineSink.java:58)
	at org.jboss.netty.channel.Channels.close(Channels.java:828)
	at
org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operationComplete(SslHandler.java:1485)
	at
org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427)
	at
org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:418)
	at
org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFuture.java:362)
	at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWorker.java:221)
	at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(AbstractNioWorker.java:152)
	at
org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(AbstractNioChannel.java:335)
	at
org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:366)
	at
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:290)
	at
org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90)
	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
	at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Any help or guidance to my long term goal would be very appreciated as the
info about zookeeper and enabling SSL is slim to none. I can post my configs
etc, anything you need!



--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582557.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

Re: SSL between java client and zookeeper?

[Flavio Junqueira <fp...@yahoo.com.INVALID>]

Thanks for reporting back, Vaibhav.

-Flavio

> On 17 Jun 2016, at 22:04, Vaibhav Devekar <va...@gmail.com> wrote:
> 
> Never mind, I figured that out. Quite silly of me. I did not realize that
> CLIENT_JVMFLAGS was meant not just for zkCli but also for java clients!
> 
> I was providing the keystore and trustore values via the java.net.ssl
> arguments. Having these separate JVM arguments does make sense. One may
> want the SSL to be limited to zookeeper connections only.
> 
> 
> ---
> Vaibhav Devekar
> 
> 
> 
> On Fri, Jun 17, 2016 at 1:14 PM, Devekar, Vaibhav <
> Vaibhav.Devekar@staples.com> wrote:
> 
>> I¹m using 3.5.1-alpha. I did forget to update the version for the java
>> library. Thank you for pointing that out. However, I still get the same
>> error after using the latest.
>> Is the zookeeper API supposed to work out of the box? The only thing I did
>> was add keystore and trustore values as JVM arguments to tomcat. I also
>> configured them in tomcat¹s server.xml
>> 
>> 
>> --
>> Vaibhav Devekar
>> Dotcom-Search | Seattle Dev Lab
>> 
>> 
>> 
>> 
>> On 6/17/16, 1:39 AM, "Flavio Junqueira" <fp...@apache.org> wrote:
>> 
>>> Hi there,
>>> 
>>> Which version of the client are you using? This is available only on the
>>> 3.5 branch and trunk.
>>> 
>>> -Flavio
>>> 
>>>> On 17 Jun 2016, at 00:29, Vaibhav Devekar <va...@gmail.com>
>>>> wrote:
>>>> 
>>>> Re-sending since I probably wasn't subscribed before.
>>>> 
>>>> ---
>>>> Vaibhav Devekar
>>>> 
>>>> 
>>>> 
>>>> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar
>>>> <va...@gmail.com>
>>>> wrote:
>>>> 
>>>>> Hi all,
>>>>> 
>>>>> I'm using zookeeper for dynamic config management among spring apps
>>>>> hosted
>>>>> on many servers. I'm trying to employ SSL for communication between
>>>>> these
>>>>> java app and zookeeper since these properties can be sensitive
>>>>> information
>>>>> such as database passwords.
>>>>> 
>>>>> Based on this guide -
>>>>> 
>>>>> 
>> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User
>>>>> +Guide,
>>>>> I was able to test out SSL for zkCli and zookeeper. I was also able to
>>>>> verify that two java web apps can do 2-way SSL with each other. I'm now
>>>>> trying to do the same with a java client(spring webapp) and zookeeper.
>>>>> However, it hasn't worked so far. The zookeeper log says:
>>>>> 
>>>>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
>>>>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
>>>>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 =>
>>>>> /fe80:0:0:0:0:0:0:1%1:2281]
>>>>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
>>>>> SSL/TLS record:
>>>>> 
>>>>> 0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>>> 00000000000000000000000000
>>>>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS
>>>>> record:
>>>>> 
>>>>> 0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>>> 00000000000000000000000000
>>>>> 
>>>>> 
>>>>> Any pointers would be great. Does java API for zookeeper even support
>>>>> SSL?
>>>>> 
>>>>> Code example: https://github.com/devekar/sslDemo
>>>>> 
>>>>> Thank you.
>>>>> 
>>>>> ---
>>>>> Vaibhav Devekar
>>>>> 
>>>>> 
>>>>> 
>>> 
>> 
>> 

Re: SSL between java client and zookeeper?

[Vaibhav Devekar <va...@gmail.com>]

Never mind, I figured that out. Quite silly of me. I did not realize that
CLIENT_JVMFLAGS was meant not just for zkCli but also for java clients!

I was providing the keystore and trustore values via the java.net.ssl
arguments. Having these separate JVM arguments does make sense. One may
want the SSL to be limited to zookeeper connections only.


---
Vaibhav Devekar



On Fri, Jun 17, 2016 at 1:14 PM, Devekar, Vaibhav <
Vaibhav.Devekar@staples.com> wrote:

> I¹m using 3.5.1-alpha. I did forget to update the version for the java
> library. Thank you for pointing that out. However, I still get the same
> error after using the latest.
> Is the zookeeper API supposed to work out of the box? The only thing I did
> was add keystore and trustore values as JVM arguments to tomcat. I also
> configured them in tomcat¹s server.xml
>
>
> --
> Vaibhav Devekar
> Dotcom-Search | Seattle Dev Lab
>
>
>
>
> On 6/17/16, 1:39 AM, "Flavio Junqueira" <fp...@apache.org> wrote:
>
> >Hi there,
> >
> >Which version of the client are you using? This is available only on the
> >3.5 branch and trunk.
> >
> >-Flavio
> >
> >> On 17 Jun 2016, at 00:29, Vaibhav Devekar <va...@gmail.com>
> >>wrote:
> >>
> >> Re-sending since I probably wasn't subscribed before.
> >>
> >> ---
> >> Vaibhav Devekar
> >>
> >>
> >>
> >> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar
> >><va...@gmail.com>
> >> wrote:
> >>
> >>> Hi all,
> >>>
> >>> I'm using zookeeper for dynamic config management among spring apps
> >>>hosted
> >>> on many servers. I'm trying to employ SSL for communication between
> >>>these
> >>> java app and zookeeper since these properties can be sensitive
> >>>information
> >>> such as database passwords.
> >>>
> >>> Based on this guide -
> >>>
> >>>
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User
> >>>+Guide,
> >>> I was able to test out SSL for zkCli and zookeeper. I was also able to
> >>> verify that two java web apps can do 2-way SSL with each other. I'm now
> >>> trying to do the same with a java client(spring webapp) and zookeeper.
> >>> However, it hasn't worked so far. The zookeeper log says:
> >>>
> >>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
> >>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
> >>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 =>
> >>>/fe80:0:0:0:0:0:0:1%1:2281]
> >>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
> >>> SSL/TLS record:
> >>>
> >>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
> >>>00000000000000000000000000
> >>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS
> >>>record:
> >>>
> >>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
> >>>00000000000000000000000000
> >>>
> >>>
> >>> Any pointers would be great. Does java API for zookeeper even support
> >>>SSL?
> >>>
> >>> Code example: https://github.com/devekar/sslDemo
> >>>
> >>> Thank you.
> >>>
> >>> ---
> >>> Vaibhav Devekar
> >>>
> >>>
> >>>
> >
>
>

Re: SSL between java client and zookeeper?

["Devekar, Vaibhav" <Va...@Staples.com>]

I¹m using 3.5.1-alpha. I did forget to update the version for the java
library. Thank you for pointing that out. However, I still get the same
error after using the latest.
Is the zookeeper API supposed to work out of the box? The only thing I did
was add keystore and trustore values as JVM arguments to tomcat. I also
configured them in tomcat¹s server.xml


-- 
Vaibhav Devekar
Dotcom-Search | Seattle Dev Lab




On 6/17/16, 1:39 AM, "Flavio Junqueira" <fp...@apache.org> wrote:

>Hi there,
>
>Which version of the client are you using? This is available only on the
>3.5 branch and trunk.
>
>-Flavio
> 
>> On 17 Jun 2016, at 00:29, Vaibhav Devekar <va...@gmail.com>
>>wrote:
>> 
>> Re-sending since I probably wasn't subscribed before.
>> 
>> ---
>> Vaibhav Devekar
>> 
>> 
>> 
>> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar
>><va...@gmail.com>
>> wrote:
>> 
>>> Hi all,
>>> 
>>> I'm using zookeeper for dynamic config management among spring apps
>>>hosted
>>> on many servers. I'm trying to employ SSL for communication between
>>>these
>>> java app and zookeeper since these properties can be sensitive
>>>information
>>> such as database passwords.
>>> 
>>> Based on this guide -
>>> 
>>>https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User
>>>+Guide,
>>> I was able to test out SSL for zkCli and zookeeper. I was also able to
>>> verify that two java web apps can do 2-way SSL with each other. I'm now
>>> trying to do the same with a java client(spring webapp) and zookeeper.
>>> However, it hasn't worked so far. The zookeeper log says:
>>> 
>>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
>>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
>>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 =>
>>>/fe80:0:0:0:0:0:0:1%1:2281]
>>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
>>> SSL/TLS record:
>>> 
>>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>00000000000000000000000000
>>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS
>>>record:
>>> 
>>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>00000000000000000000000000
>>> 
>>> 
>>> Any pointers would be great. Does java API for zookeeper even support
>>>SSL?
>>> 
>>> Code example: https://github.com/devekar/sslDemo
>>> 
>>> Thank you.
>>> 
>>> ---
>>> Vaibhav Devekar
>>> 
>>> 
>>> 
>

Re: SSL between java client and zookeeper?

[Flavio Junqueira <fp...@apache.org>]

Hi there,

Which version of the client are you using? This is available only on the 3.5 branch and trunk.

-Flavio
 
> On 17 Jun 2016, at 00:29, Vaibhav Devekar <va...@gmail.com> wrote:
> 
> Re-sending since I probably wasn't subscribed before.
> 
> ---
> Vaibhav Devekar
> 
> 
> 
> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar <va...@gmail.com>
> wrote:
> 
>> Hi all,
>> 
>> I'm using zookeeper for dynamic config management among spring apps hosted
>> on many servers. I'm trying to employ SSL for communication between these
>> java app and zookeeper since these properties can be sensitive information
>> such as database passwords.
>> 
>> Based on this guide -
>> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide,
>> I was able to test out SSL for zkCli and zookeeper. I was also able to
>> verify that two java web apps can do 2-way SSL with each other. I'm now
>> trying to do the same with a java client(spring webapp) and zookeeper.
>> However, it hasn't worked so far. The zookeeper log says:
>> 
>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 => /fe80:0:0:0:0:0:0:1%1:2281]
>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
>> SSL/TLS record:
>> 0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
>> 0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
>> 
>> 
>> Any pointers would be great. Does java API for zookeeper even support SSL?
>> 
>> Code example: https://github.com/devekar/sslDemo
>> 
>> Thank you.
>> 
>> ---
>> Vaibhav Devekar
>> 
>> 
>> 

Re: SSL between java client and zookeeper?

[Vaibhav Devekar <va...@gmail.com>]

Re-sending since I probably wasn't subscribed before.

---
Vaibhav Devekar



On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar <va...@gmail.com>
wrote:

> Hi all,
>
> I'm using zookeeper for dynamic config management among spring apps hosted
> on many servers. I'm trying to employ SSL for communication between these
> java app and zookeeper since these properties can be sensitive information
> such as database passwords.
>
> Based on this guide -
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide,
> I was able to test out SSL for zkCli and zookeeper. I was also able to
> verify that two java web apps can do 2-way SSL with each other. I'm now
> trying to do the same with a java client(spring webapp) and zookeeper.
> However, it hasn't worked so far. The zookeeper log says:
>
> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 => /fe80:0:0:0:0:0:0:1%1:2281]
> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
> SSL/TLS record:
> 0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
> 0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
>
>
> Any pointers would be great. Does java API for zookeeper even support SSL?
>
> Code example: https://github.com/devekar/sslDemo
>
> Thank you.
>
> ---
> Vaibhav Devekar
>
>
>

Re: SSL between java client and zookeeper?

[sowmithra <so...@gmail.com>]

http://sowmithra.over-blog.com/zookeeper-ssl-authentication.html




--
Sent from: http://zookeeper-user.578899.n2.nabble.com/